PublicDateAtUSN: 2009-12-18
Candidate: CVE-2009-3995
PublicDate: 2009-12-18 18:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3995
 https://ubuntu.com/security/notices/USN-995-1
Description:
 Multiple heap-based buffer overflows in IN_MOD.DLL (aka the Module Decoder
 Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote
 attackers to execute arbitrary code via (1) crafted samples or (2) crafted
 instrument definitions in an Impulse Tracker file. NOTE: some of these
 details are obtained from third party information.
Ubuntu-Description:
Notes:
 mdeslaur> fixed by CVE-2009-3995f.patch in 3.1.11-6.2
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=575742
 https://bugzilla.redhat.com/show_bug.cgi?id=614643
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_libmikmod:
upstream_libmikmod: released (3.1.11-6.2)
dapper_libmikmod: ignored (reached end-of-life)
hardy_libmikmod: released (3.1.11-6ubuntu3.8.04.1)
intrepid_libmikmod: needs-triage (reached end-of-life)
jaunty_libmikmod: released (3.1.11-6ubuntu3.9.04.1)
karmic_libmikmod: released (3.1.11-6ubuntu4.1)
lucid_libmikmod: released (3.1.11-6.1ubuntu0.1)
devel_libmikmod: not-affected (3.1.11-6.3)